
One SSH Key for multiple Ubuntu servers + Windows + Teamcity

I would like to get some help from you all regarding an issue I'm having at the moment. This is my issue.

I want to use the same SSH key to access multiple Ubuntu servers. The reason for this is that I want to deploy our application in DEV, STAGING, PROD, LOCAL environments through a CI server. We use Ubuntu servers in these environments. The tech lead asked me to generate one key and use it for all the servers to make the continuous integration easy. We use Teamcity for CI and the Teamcity server and its agents run in the same Windows server.

I have generated id_rsa and id_rsa.pub key pairs in one server (LOCAL server).

The next step is to copy id_rsa.pub to all the other servers and upload the id_rsa file to the Teamcity server.

I assume that since now the Teamcity server has the id_rsa key it should be able to ssh to Ubuntu servers and issue commands through SSH Exec (Deployer plugin).

Could someone tell me from the SSH key point of view what I have done and assumed so far is correct? The remote servers are Ubuntu and the client (Teamcity server) is a Windows server.

As I have described above I tried to connect to the server where I generated the keys from the city server. In this case, I uploaded the id_rsa to the teamcity server and tried to connect. I have given the following as the path to the id_rsa file. I verified that the file actually resided in the following location.

E:\\BuildServerConfig\\config\\projects\\MyProject\\pluginData\\ssh_keys where E:\\BuildServerConfig is the Data directory.

But I got the following error:

com.jcraft.jsch.JSchException: java.io.FileNotFoundException: E:\\BuildServerConfig\\config\\projects\\MyProject\\pluginData\\ssh_keys (The system cannot find the path specified)

I know the path is optional, when I removed the path it gave the following error:

Unexpected error: java.lang.IllegalArgumentException: Argument for @NotNull parameter 'path' of jetbrains/buildServer/util/FileUtil.resolvePath must not be null

Could someone please enlighten me on this?

You are putting the keys in: E:\\BuildServerConfig\\config\\projects\\MyProject\\pluginData\\ssh_keys The error message says it cannot find the key in: E:\\BuildServerConfig\\config\\projects\\MyProject\\pluginData\\ssh_keys. That is probably why you get the message that it can't find the path specified.

The private key (id_rsa) normally stays on the CLIENT. If you put the private key (id_rsa) on the teamcity server, apparently you want to use the teamcity server as the client?

The question you ask in the title is how to use multiple UBUNTU servers with a single key.

  1. On the CLIENT machine, create a ssh key-pair:

     ssh-keygen -t rsa 

    This creates a key-pair in hidden directory .ssh in the home directory. The key-pair consists of a secret private key file (usually named 'id_rsa') and a public key file (usually named 'id_rsa.pub').

  2. From the CLIENT machine, copy the public key to the SERVER machines:

      ssh-copy-id username@servermachine 

    The server machine will likely ask you for a password for 'username' to login. If login is successful, the public key will be copied to the server. On the server, the client public key is added to the file .ssh/authorized_keys in the home directory of username on the server. Repeat this step for all servers.

  3. You can now login from the CLIENT to all SERVERS using a single key. To test this, try on the CLIENT machine:

      ssh username@servermachine1

    Now you should be logged in on servermachine1 without the need for a password, the ssh connection uses the combination of private and public keys. You should repeat this test for servermachine2 to servermachineN.

For other operating systems, such as Windows, ssh is not a standard feature. SSH commands, the names and locations of key files and the key storage format, depend on the ssh software you are using. The general idea is:

  • create a key pair (private + public) on the client. The key pair belongs to the user creating the pair
  • copy the public key to the server to a designated key location for the user on the server
  • from the client login to the server using the client key-pair and the designated username on the server. Instead of logging in, you can also copy files or send commands between client and server using the ssh software stack and the keys.
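
What step 2 leaves behind on each server, written out as an added example (not part of the original answer): the public key line is appended once to .ssh/authorized_keys with the permissions sshd expects, optionally prefixed with an option such as restrict so that a key shared across DEV, STAGING and PROD gets no forwarding or terminal. The function names, the sample key and the three directories are constructed for illustration.

```shell
#!/bin/sh
# Added example: the server-side effect of ssh-copy-id, done by hand.
# install_pubkey HOME_DIR PUBKEY_LINE [OPTIONS]
#   HOME_DIR     home directory of the login user on the server
#   PUBKEY_LINE  the single line from the client's id_rsa.pub
#   OPTIONS      optional authorized_keys options, e.g. 'restrict'
install_pubkey() {
    home_dir=$1; pubkey=$2; opts=${3:-}
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # sshd (StrictModes) rejects key files writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Key type plus base64 blob identify the key; the comment does not.
    key_id=$(printf '%s\n' "$pubkey" | awk '{print $1 " " $2}')

    # Idempotent: never authorize the same key twice.
    if grep -qF -- "$key_id" "$auth"; then
        return 0
    fi
    if [ -n "$opts" ]; then
        printf '%s %s\n' "$opts" "$pubkey" >> "$auth"
    else
        printf '%s\n' "$pubkey" >> "$auth"
    fi
}

# Print how many entries in HOME_DIR authorize the given key; useful for
# checking which servers a shared key can reach.
count_key() {
    key_id=$(printf '%s\n' "$2" | awk '{print $1 " " $2}')
    grep -cF -- "$key_id" "$1/.ssh/authorized_keys"
}

# Constructed sample: not a real key. The three directories stand in for
# the deploy user's home directory on DEV, STAGING and PROD.
demo_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTEDSAMPLE ci@teamcity'
demo_root=$(mktemp -d)
for env in dev staging prod; do
    # 'restrict' disables forwarding, PTY allocation and ~/.ssh/rc.
    install_pubkey "$demo_root/$env" "$demo_key" 'restrict'
done
```

Removing that one line from authorized_keys on a server is also how the shared key is revoked there, which is worth knowing when the same private key sits on the CI host for every environment.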

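Disclaimer: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.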

 